[PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Thu Jan 25 14:34:00 UTC 2024
On 2024/01/25 6:50, Kees Cook wrote:
> Yeah, I was just noticing this. I was over thinking. :) It does look
> like all that is needed is to remove __FMODE_EXEC.
I worry that some out-of-tree kernel code continues using __FMODE_EXEC for
opening for non-execve() purpose. If that happened, TOMOYO will be fooled...
Can't we remove __FMODE_EXEC and FMODE_EXEC flag from f_flags instead of
replacing current->in_execve with file->f_flags & __FMODE_EXEC ?
More information about the Linux-security-module-archive
mailing list